"Controller" means the Subscriber who determines the purposes and means of processing personal data through MAS Pilot. "Processor" means MAS Pilot LLC, which processes personal data on behalf of the Controller. "Personal Data" means any data uploaded to or processed by MAS Pilot that relates to an identified or identifiable natural person. "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
MAS Pilot LLC processes Personal Data on behalf of the Controller solely for the purpose of providing the MAS Pilot compliance platform as described in the Terms of Service. Processing is limited to: validating TDR submission data, storing compliance records, generating validation reports, and providing platform functionality.
The Controller represents and warrants that it has a lawful basis for processing any Personal Data submitted to MAS Pilot, has obtained any required consents from data subjects, and has the authority to enter into this DPA.
MAS Pilot LLC as Processor will:
Transactional pricing data uploaded for TDR validation is processed in-memory only and is not persisted to any database. This data is deleted at the end of each validation session and is never used for any purpose other than the requested validation.
MAS Pilot stores and processes all data within the United States. No Personal Data is transferred outside the United States. If you require data processing agreements under GDPR that include Standard Contractual Clauses (SCCs), please contact us at [email protected].
MAS Pilot implements the following technical and organizational measures:
MAS Pilot uses the following categories of sub-processors: cloud infrastructure providers (for hosting and data storage, using FedRAMP-authorized services), payment processors (for subscription billing only — no contract data is shared), and email delivery services (for transactional notifications only). A current list of sub-processors is available upon written request.
In the event of a Personal Data breach affecting your data, MAS Pilot will notify you without undue delay and no later than 72 hours after becoming aware of the breach, where feasible. Notification will include the nature of the breach, categories and approximate number of data subjects affected, and measures taken or proposed to address the breach.
Upon written request, MAS Pilot will assist the Controller in responding to data subject requests for access, rectification, erasure, restriction, portability, or objection. Requests should be submitted to [email protected] with subject line "Data Subject Request." Requests related to privacy may also be sent to [email protected].
For California residents: MAS Pilot does not sell Personal Data. MAS Pilot processes Personal Data as a Service Provider under the CCPA/CPRA, solely for the purposes specified in this DPA and the Terms of Service. MAS Pilot will not retain, use, or disclose Personal Data for any commercial purpose outside of providing the contracted services.
This DPA is effective for the duration of the subscription and terminates upon expiration or termination of the Terms of Service. Upon termination, MAS Pilot will delete all Personal Data within 90 days unless retention is required by law.
This DPA is governed by the laws of the State of New Mexico. For EU/EEA Controllers, this DPA shall be interpreted in accordance with GDPR to the extent applicable.
This DPA is incorporated by reference into the Terms of Service and takes effect automatically upon your acceptance of the Terms. If you require a separately executed DPA for your organization's records, contact [email protected].